Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4173 Views
  • 0 replies
  • 0 Likes

License issue

Hi all, in my PA-220 box we have not purchased a license for Advanced Threat Prevention, but it is still showing in the license tab, and it is also showing as an expired license (ATP). The firewall is in HA, but on the passive one everything is correct; the issue is only with the active one. Due to this, my app version threat and antivirus is showing mismatc...

False positive - Threat ID 86672 - NewPOSThing Command and Control Traffic Detection

Has anyone seen critical alerts for this threat? It was added as a new signature yesterday in Apps&Threats release 8626-7624. We immediately had an alert for it for traffic to hxxps://www.riddle.com/ws/connect/5 So far it looks like a false positive. Riddle.com appears to be a legitimate "add a riddle/quiz to your website" marketing firm wi...

Resolved! Microsoft Exchange zero-day 2022

According to the link below, Microsoft Exchange has been exposed to a new vulnerability again. I am using Palo Alto firewall PAN-OS 9.1.14. May I know whether the Palo Alto firewall is able to detect this vulnerability, and where to check it, since I do not have a CVE number? New Microsoft Exchange zero-day actively exploited in attacks (bleepingcomputer.com) Warning:...

JiaXiang by L4 Transporter
  • 7120 Views
  • 4 replies
  • 0 Likes

High vulnerabilities PAN-OS reported by vulnerability management scan

Hello colleagues: Good afternoon, hope you are all well. Some of you have reported these critical vulnerabilities to them, by Nessus Scan: Protocol: TCP; Port: 443; Name: CGI Generic Command Execution (time-based); Synopsis: It may be possible to run arbitrary code on the remote web server. Description: The remote web server hosts CGI...

Metgatz by L4 Transporter
  • 3789 Views
  • 1 replies
  • 0 Likes

Tcp flood

Hi, today from 15.10 to 16.10 I received more than 15600 calls from the same IP. The Windows 2012 server already has a function against SYN ATTACK and TCP FLOOD, and I see it on the tcp-rst-from-server log monitor, but they are very small compared to those aged-out. It's been a month that I have been getting continuous attacks and this sends my web applicatio...

s_quasar by L3 Networker
  • 12100 Views
  • 3 replies
  • 0 Likes

Session Token Extend resource

We are on Version 22.06.197 of the Prisma Cloud. I want to know if there is a resource for session token extension or if there is a workaround other than re-initiating the request for a new token. The resource for the Authenticate Client I have been using is as follows:- $CONSOLE/api/v1/authentica...

Potential false positive AV for MS VisualStudio update

Running into a weird problem with VisualStudio update package being detected as a generic virus after recent update to Threat databases. But I can download the indicated file itself just fine. Anybody know what's going on here? Current AV database 4184-4697: File "Microsoft.VisualStudio.Platform.Terminal.vsix" downloaded from https://download....

Resolved! Traffic log Action shows 'allow' but session end shows 'threat'

I looked at several answers posted previously but am still unsure what is actually the end result. I'm looking at the monitor\traffic and I can see traffic leaving the local network going to the internet that shows the action is 'allow' but the session end reason is 'threat'. Did the traffic actually get forwarded or because the session end...

rmcrae by L3 Networker
  • 25426 Views
  • 5 replies
  • 0 Likes

False positive - Atlassian Confluence Remote Code Execution Vulnerability 92632

Threat ID 92632 was added late 6/3 for the new Atlassian 0-day exploit. All morning we have been seeing false positives on the new signature. Anyone else seeing the same? Seems to be alerting to the inclusion of javascript ad code across multiple websites, sourced from: https://pdc.bidswitch.net/max_mrc_vimp/<long-alphanum-string> https://p...

Resolved! DNS Sinkhole

Hi guys, I have a Threat Prevention license on my PA-3200 Series firewall, but when I configure DNS sinkhole in anti-spyware I am getting Warning: "No Valid DNS Security License" during commit. Do I need to buy a DNS license to work with the sinkhole feature? Please suggest.

Resolved! Check and help resolving VAPT reported issues Global Protect SSL VPN Url

We have done VAPT on our Global Protect URL link and identified 3 VA. Kindly check and help resolving this at earliest. 1) Absence of CSRF tokens: No Anti-CSRF tokens were found in a HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...

Moving from RSA to ECDSA

Hi, we are using some RSA certs and due to a vulnerability we need to swap them for ECDSA. Our usual cert provider doesn't offer ECDSA. Could someone suggest the best way to obtain this please? I wasn't sure if OpenSSL was a valid option? Thanks, John

  • 545 Posts
  • 78 Subscriptions